Vulnerabilites related to Rockwell Automation - FactoryTalk® Service Platform
cve-2024-21915
Vulnerability from cvelistv5
Published
2024-02-16 18:20
Modified
2024-08-28 16:49
Severity ?
EPSS score ?
Summary
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | FactoryTalk® Service Platform |
Version: <v2.74 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:35:34.363Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.rockwellautomation.com/en-us/support/advisory.SD1662.html", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "factorytalk_services_platform", vendor: "rockwellautomation", versions: [ { lessThan: "2.74", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-21915", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-22T17:52:16.447727Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-28T16:49:41.429Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FactoryTalk® Service Platform", vendor: "Rockwell Automation", versions: [ { status: "affected", version: " <v2.74", }, ], }, ], datePublic: "2024-02-15T14:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. </span><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable.</a>\n\n", }, ], value: "\nA privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable.\n\n", }, ], impacts: [ { capecId: "CAPEC-122", descriptions: [ { lang: "en", value: "CAPEC-122 Privilege Abuse", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-732", description: "CWE-732 Incorrect Permission Assignment for Critical Resource", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-16T18:20:43.862Z", orgId: "b73dd486-f505-4403-b634-40b078b177f0", shortName: "Rockwell", }, references: [ { url: "https://www.rockwellautomation.com/en-us/support/advisory.SD1662.html", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<ul><li>Update to v2.74 or later.</li><li>\n\n<p>Customers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.</p><ul><li><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></li></ul>\n\n<br></li></ul>", }, ], value: " * Update to v2.74 or later.\n * \n\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.\n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \n\n\n\n\n\n\n\n\n", }, ], source: { discovery: "UNKNOWN", }, title: "Rockwell Automation FactoryTalk® Service Platform Elevated Privileges Vulnerability Through Web Service Functionality", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b73dd486-f505-4403-b634-40b078b177f0", assignerShortName: "Rockwell", cveId: "CVE-2024-21915", datePublished: "2024-02-16T18:20:43.862Z", dateReserved: "2024-01-03T16:40:50.367Z", dateUpdated: "2024-08-28T16:49:41.429Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21917
Vulnerability from cvelistv5
Published
2024-01-31 18:16
Modified
2024-10-17 17:09
Severity ?
EPSS score ?
Summary
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | FactoryTalk® Service Platform |
Version: <= v6.31 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:35:34.763Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-21917", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-06T05:00:19.636807Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-17T17:09:38.403Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FactoryTalk® Service Platform", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "<= v6.31", }, ], }, ], datePublic: "2024-01-30T14:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.</span>\n\n", }, ], value: "\nA vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.\n\n", }, ], impacts: [ { capecId: "CAPEC-115", descriptions: [ { lang: "en", value: "CAPEC-115 Authentication Bypass", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-347", description: "CWE-347 Improper Verification of Cryptographic Signature", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-31T18:16:27.949Z", orgId: "b73dd486-f505-4403-b634-40b078b177f0", shortName: "Rockwell", }, references: [ { url: "https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<p>Customers using \n\nRockwell Automation FactoryTalk® Service Platform\n\n are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.</p><ul><li>Update to v6.40 or later. </li><li>Set DCOM authentication level to 6, <a target=\"_blank\" rel=\"nofollow\">which enables encryption of the service token and communication channel between the server and client. Please refer to </a><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1134040\">Mitigating Microsoft DCOM Hardening Patch (CVE-2021-26414) for Affected Rockwell Automation Products (custhelp.com)</a></li><li>When it is not possible to update to v6.40 or later, enable verification of the publisher information (i.e., digital signature) of any executable attempting to use the FactoryTalk® Services APIs. This helps prevent a malicious user from calling the API to receive the service token. This setting can be changed from the Application Authorization node located within System Policies using the FactoryTalk® Administration Console application.</li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></li></ul>\n\n", }, ], value: "\nCustomers using \n\nRockwell Automation FactoryTalk® Service Platform\n\n are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.\n\n * Update to v6.40 or later. \n * Set DCOM authentication level to 6, Mitigating Microsoft DCOM Hardening Patch (CVE-2021-26414) for Affected Rockwell Automation Products (custhelp.com) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1134040 \n * When it is not possible to update to v6.40 or later, enable verification of the publisher information (i.e., digital signature) of any executable attempting to use the FactoryTalk® Services APIs. This helps prevent a malicious user from calling the API to receive the service token. This setting can be changed from the Application Authorization node located within System Policies using the FactoryTalk® Administration Console application.\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \n\n\n\n\n", }, ], source: { discovery: "UNKNOWN", }, title: " Rockwell Automation FactoryTalk® Service Platform Service Token Vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b73dd486-f505-4403-b634-40b078b177f0", assignerShortName: "Rockwell", cveId: "CVE-2024-21917", datePublished: "2024-01-31T18:16:27.949Z", dateReserved: "2024-01-03T16:40:50.367Z", dateUpdated: "2024-10-17T17:09:38.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }